Wednesday, December 2, 2009

SharePoint Elevated Privileges and SPUserToken FBA

These two lines of code, when working with the SharePoint object model, will allow you to see what user (or security context, if you like) your code is running under.

You will need to reference the correct libraries in the using statements of your .NET classes; however, IntelliSense will pick this up for you.

WindowsPrincipal principal = GetWindowsIdentityPrincipalObject();
SPUserToken spToken = spWeb.CurrentUser.UserToken; 
 
(spWeb is a variable that has already been created; that code is left out.)
 
SPSecurity.RunWithElevatedPrivileges(delegate()
{
          //code you want to run
});
 
This will allow you to run code with the permission level of the app pool account that the particular site collection is running under.
 
Unless you give this account ridiculously high privileges, which is not a good idea, this will not necessarily allow you to do certain things.
 
For example, if you want to give users with Contribute rights the ability to create users in an FBA extranet implementation, running with elevated privileges will not do it.
 
What I did to make this work is create a base page that the FBA application pages inherit from, with a couple of properties:
 
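// Cached token of the configured service account (looked up once per page instance).
protected SPUserToken _userToken;
protected SPUserToken UserToken
{
    get
    {
        if (_userToken != null)
        {
            return _userToken;
        }
        // Account is the login name of the service account, read from config.
        _userToken = SPContext.Current.Web.AllUsers[Account].UserToken;
        return _userToken;
    }
}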

In the above piece of code, the Account string is read from an XML config file and holds a Windows account with sufficient rights in SharePoint land to create FBA users.

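// Site collection opened under the service account's token rather than the caller's.
// This SPSite is created by our own code, so it must be disposed when the page is done with it.
protected SPSite _site;
protected SPSite CurrSite
{
    get
    {
        if (_site != null)
        {
            return _site;
        }
        _site = new SPSite(SPContext.Current.Site.Url, UserToken);
        return _site;
    }
}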
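An added example, not the author's code, of using the token pattern above for one privileged operation while authorizing the real caller first and disposing the impersonated site. The class name, `TargetGroupName`, `AddFbaUserToGroup` and the choice of `EditListItems` as the stand-in for "Contribute rights" are assumptions; `Account` is the configured login from the post.

```csharp
using System;
using System.Web.UI;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

// Hypothetical base page for FBA application pages (illustrative names).
public abstract class FbaAdminPageBase : Page
{
    // Assumption: login of the service account, loaded from the XML config file.
    protected abstract string Account { get; }

    // Assumption: the SharePoint group that new FBA users are added to.
    protected abstract string TargetGroupName { get; }

    protected void AddFbaUserToGroup(string fbaLogin, string email, string displayName)
    {
        // SPContext objects always carry the real caller's identity.
        SPWeb callerWeb = SPContext.Current.Web;

        // Check the request digest (CSRF protection) instead of enabling AllowUnsafeUpdates.
        if (!SPUtility.ValidateFormDigest())
        {
            throw new UnauthorizedAccessException("Invalid or missing form digest.");
        }

        // Authorize the real caller before borrowing the service account's rights.
        if (!callerWeb.DoesUserHavePermissions(SPBasePermissions.EditListItems))
        {
            throw new UnauthorizedAccessException("Caller lacks Contribute-level rights.");
        }

        SPUserToken token = callerWeb.AllUsers[Account].UserToken;

        // Only objects created from the token run as the service account;
        // they are ours to dispose, unlike SPContext.Current.Site/Web.
        using (SPSite site = new SPSite(SPContext.Current.Site.ID, token))
        using (SPWeb web = site.OpenWeb(callerWeb.ID))
        {
            SPGroup group = web.SiteGroups[TargetGroupName];
            // Record who triggered the change, since the audit trail will show the service account.
            group.AddUser(fbaLogin, email, displayName,
                "Added on behalf of " + callerWeb.CurrentUser.LoginName);
        }
    }
}
```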
 
Apart from this, what other pearls do I have regarding security? Quite a few. I am no expert in this area, as it is complicated, and there are a number of good postings on the web. What I do recommend, though, is creating special accounts for special purposes, with the correct permission levels and a description of what the account does (being appropriately named may also be a help). If you are using Kerberos, this should include its Kerberos setup; this should also be documented elsewhere.
 
I have seen some embarrassing situations where people forget what accounts they have set up, or a previous administrator did not document them, and discovering things that should be well known to keep your SP farm operating properly is a waste of time.
 
On FBA application pages, and application pages in general, there are a number of other good postings on the web which you will need to read.

MOSS 2007 My Links Menu Options missing

The My Links menu options can be controlled by the Profile Services policies in the SSP.
For completeness, I will mention here that the display of the My Site link and My Links is also affected by the user rights given in the SSP Personalisation Services permissions. This is the easiest way to hide these links.

MOSS 2007 My Site Link Not Visible

The PermissionsString setting of the SPSecurityTrimmedControl in the master page the site is using needs to be set to ViewPages for users with Contribute rights to see the My Site link. Otherwise, if it is set to, for example, BrowseDirectories, only people with Full Control, like site admins, will see the link.

<SharePoint:SPSecurityTrimmedControl PermissionsString="BrowseDirectories" runat="server"></SharePoint:SPSecurityTrimmedControl>

<SharePoint:SPSecurityTrimmedControl PermissionsString="ViewPages" runat="server"></SharePoint:SPSecurityTrimmedControl>

Note: Just adding this control to the master page confers the rights across all controls on the master page, as far as I can tell. If you place a control inside the SPSecurityTrimmedControl, it controls the visibility of the control based on the user's rights. In my experience with SharePoint so far, although I have not experimented with this, I believe it will also affect what the control renders or displays based on the user's rights. For example, if it is a drop-down menu, it may display some items on the menu and not others.

Tuesday, December 1, 2009

SharePoint 2010 Overview

I went to an SP 2010 seminar today at Microsoft, led by Mick Badran from Breeze consulting and sponsored by EXCOM and MS.

Beta 2 Office 2010, SP 2010, VS.NET 2010 available for download (been up for about 4 weeks).
Here are the points I took away.

Planning (ok you should plan)
Layers (what layer should things be happening in, at)
Significant change and improvement (SSP replaced by application services; more flexible and configurable)
WSS 3.0 is now SP Foundation services, basically WSS 4.0
Groove is now SharePoint Workspace - local copy of a site offline, my site (idea), syncs up in the background when connected.
SSP changes: service apps in farms; share across site colls, apps, farms; content types and metadata sync across various levels (farm level down to web); fine granular control over sharing info; can write your own services that you plug in the back end, like the equivalent of a timer job in 2007 but better
Publish Access DB into SP, whole thing front and back end; a quick, dirty way to create small apps (I know, I was shuddering also)

(BDC) Integration services read write
A lot less postbacks and round tripping b/c of Ajax UI
An Ajax dialogue box built in that you can reuse as developers (remember how much pain I went through with this one at ET; appears MS felt my pain, although obviously a common problem for all devs)
Also good client-side dev support through JSON and jQuery; model is much better
SP 2010 Ajax ribbon, Office style (basically the ribbon you get in site edit mode for editing pages looks the same as Office 2007)
Workflows can be tied to site collection level, web level
Tagging everywhere; improved metadata, content type services and so on (farm level)
Document Set - like a zip or a cab file, a container for a set of documents within a document library; sort of group together without a folder.
Ajax InfoPath forms; same issue with business logic, complex validation. Can export all content and customisations as WSP files. v3 custom master pages will need to be redesigned with support for v4 (XHTML, CSS2-3, no more table layout)
v3 UI with no change supported in v4; once ready, flick over to v4. Combine diff features, export out to VS.NET, build up a WSP file.

Concept here is you can rip stuff from the fabulous 40 templates or existing custom stuff and cobble it into new site defs through the use of VS.NET 2010 and SPD 2010. Basically it gives you a way of reusing templates and code. For SP folk it is conceptually a bit like how .NET folk reuse 3rd party components and controls, but inside SP's framework or architecture. This was already there for us, but with CAML-based site defs you really had to work for it, and it is hell to debug; this model appears to allow you to do it in a more automated, less error-prone fashion. XML is meant to be tooled, as is XSLT, and now the tools that were lacking appear to be there. Which hopefully will take the hump out of the CAML.

Proper full integration between VS.NET 2010 and SP 2010 for WSP and site def deploy: whatever you want to wherever you want. You can see the 12 hive tree in VS.NET 2010, site colls etc., and target it easily; basically do everything you can through the UI or SPD in terms of customisation, but obviously also compiled code: event receivers, web parts, features and so on. Good support for AJAX.

OK, this is a huge point for me: rather than create site defs, you have a smooth, easy way to build with SPD 2010 and reverse out to VS.NET or straight to WSP solutions (say for branding, simple workflows etc.), which greatly reduces dev time in terms of deployment. Also (MS felt more of my pain and everyone else's), if you have delta-change application templates that you can't pin features to via stapling, you can save/export these out as WSPs (features, lists, WFs, the whole lot) and cobble together a site def. This is huge if you have 100s of subsites and do not have site defs, and you are having trouble applying features retrospectively via code in the object model after an app template is used to create a new site. There is not a straightforward method to do this, but it can be done, to enable this mess in v3 to be fixed.

You can use content types and meta data to build top level nav as sites are added.
SP 2010 has much tighter integration with SPD: reusable workflows and workflow designs can be created, basically a round trip b/w business and developers through Visio and SPD. Looks impressive; good for simple WFs, devs can do the complex bits (looks like nirvana for the BAs / BPR folk)
VS.NET 2010: import reusable workflows; impersonate users and user context built in
SP as a data repository has come a long way in 2010

Developer dash board on demand on the page so you can see everything happening even in production pages using the on demand setting.
Better analysis, monitoring and throttling tools for admins. An admin can block an errant web part if it displays too many list items or uses too many of the resources that are available to the farm, for example if it exceeds a certain % of the resources available to the farm.

Also heads up on SP 2010 Internet (or Portal or whatever they are calling it) and SP 2010 Enterprise Collaboration is that they are the same thing but basically different licensing models.

Monday, October 26, 2009

SharePoint 2010 What I am excited about

Ajax forms for lists
Built in editors for office documents
Improved FBA features and Add ins
Improved Workflows

Monday, July 20, 2009

SharePoint Designer Can't Save Master page

I was trying to edit an unghosted master page (in content db) in MOSS 2007 and SPD froze and crashed each time I tried to save my changes. I solved this problem using the below technique. System Environment (VS.NET 2008 SP1, SPD SP1, Win2k8 R2 64bit, SQL Server SP3 64 bit)

Connect and open the master page with SPD, then make a copy of the master page you wish to change. Open and edit it with VS.NET 2008. From within VS.NET, from the context menu, open the master page with SPD and save your changes to the SP master page library. Then set as custom, then default master.

Monday, July 13, 2009

Web Parts Not working in IE8 MOSS 2007

OK, so if you have a public-facing SP portal, you have probably noticed that in IE 8 things stop working in MOSS 2007 SP2 (for example the content editor web part button). The good people at MS of course have 2010 coming out soon, which I would expect will handle this better. In the meantime, you can add a statement to your master pages to run in IE 7 compatibility mode.

You will need to add the following HTTP response header, as a meta tag, into your master page: <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">. Alternatively, click the compatibility button beside the refresh button (a green rectangle with an angled line through it).

XHTML 1.0 compliance how close will SharePoint Server 2010 come.

See this post for more info
http://blog.drisgill.com/2009/03/problems-with-ie8-standards-mode.html